# LAMP ---> Linux + Apache + MySQL + PHP
# 万能密码：1'or'1'='1
# 万能用户名：原始用户名' -- '
# SQL注射攻击（SQL Injection）---> 万恶的源头就是用字符串拼接构造SQL语句
from utils import create_connection, password_to_digest

username = input('用户名: ')
password = input('密码: ')

conn = create_connection(database='hrs')
with conn.cursor() as cursor:
    password = password_to_digest(password)
    cursor.execute(
        f"select user_id from tb_user where user_name='{username}' and user_pass='{password}'"
    )
    if cursor.fetchone():
        print('登录成功')
    else:
        print('登录失败')
